Author: pfellerich
Description:
LuaSandbox 1.6 (latest version), compiled on Debian 7, PHP 5.4.4-14+deb7u5, segfaults with the code below:
<?php
class XL extends LuaSandbox {
// Declaring a property will result in a segfault....
public $property;
}
$X = new XL(); trigger the segfault
setting a propery later does work when you remove the declaration from the class
$X->foo = 'bar';
?>
(above code works fine on deb6, PHP 5.3.3-7+squeeze17)
Version: unspecified
Severity: normal
When I try it (PHP 5.5.5-1 in Debian unstable), both $property and the assignment to ->foo are required to segfault. Neither one alone does it.
It seems that the cause is a change in PHP 5.4 (likely c5237d82b) that changed the handling of properties so a call to object_properties_init() is required if you use a custom create_object handler. If that's documented anywhere official, I haven't been able to find it. I did find mention of the requirement (but not the change) in an online book[1] and passing mention of a related change in a blog's comments.[2]
[1]: http://www.phpinternalsbook.com/classes_objects/custom_object_storage.html
[2]: http://www.kchodorow.com/blog/2011/08/11/php-extensions-made-eldrich-classes/
Change 96687 had a related patch set uploaded by Anomie:
Call object_properties_init in create_object handlers for PHP 5.4
pfellerich wrote:
Tested the patch against PHP 5.4.4-14+deb7u5, test passes now.
Thank you!
Change 96687 merged by jenkins-bot:
Call object_properties_init in create_object handlers for PHP 5.4
Change is now merged. I don't know when it will be deployed to WMF wikis, as luasandbox changes don't follow the normal deployment schedule.